Download - The Java Authentication and Authorization Service (JAAS)

Transcript
Page 1: The Java Authentication and Authorization Service (JAAS)

The Java Authentication and Authorization Service (JAAS)

Priit Salumaa

Tartu 2003

Page 2: The Java Authentication and Authorization Service (JAAS)

Sissejuhatuseks

• JavaTM 2 Platform Security Architecture+ JAAS ehk(koodipõhine + kasutajapõhine kontroll)

JAAS - Priit Salumaa

Page 3: The Java Authentication and Authorization Service (JAAS)

Java 2 platvormi turvamudel (1)

JAAS - Priit Salumaa

• Liivakastist välja

Page 4: The Java Authentication and Authorization Service (JAAS)

Java 2 platvormi turvamudel (2)

JAAS - Priit Salumaa

• Turvapoliitikad + lokaalse koodi kontroll

AccessController

Page 5: The Java Authentication and Authorization Service (JAAS)

Mõisted

JAAS - Priit Salumaa

• Kasutajapõhine tuvastamine (Authentication) ja juurdepääsukontroll (Authorization)

• Isik (subject) - suvalise teenuse kasutaja

• Kasutajatunnus (principal) - isikuga seotud nimi, võib olla mitmeid (nimi, avalik võti)

• Volitus (credential) - isiku salajased ja avalikud voliatribuudid (parool, salajane võti, Kerberose pilet, avalik võti jne.)

Page 6: The Java Authentication and Authorization Service (JAAS)

PAM ja pinu laadne tuvastus

JAAS - Priit Salumaa

• PAM (Pluggable Authentication Module)– sõltumatus kasutajatuvastusteenustest– LoginContext klass ja LoginModule

• Logimismoodulite pinu– tuvastuse katse– tuvastuse teostus– katkestamine

• Võrk ja üksikrakendus

Page 7: The Java Authentication and Authorization Service (JAAS)

Volituste põhine pääsukontroll

JAAS - Priit Salumaa

• JAAS + Java 2 vaikimisi turvapoliitika:

grantCodebase "http://bar.com,Signedby "bar",Principal bar.Principal "duke" {permission java.io.FilePermission "/cdrom/duke/-", "read";

}

Page 8: The Java Authentication and Authorization Service (JAAS)

Grupid, rollid hierarhia

JAAS - Priit Salumaa

• Rollid ja grupid kui volitused

grantPrincipal foo.Role "administrator"{permission java.io.FilePermission "/passwords/-", "read, write";

}

• PrincipalComparator liides

Page 9: The Java Authentication and Authorization Service (JAAS)

Juurdepääsukontrolli realisatsioon

JAAS - Priit Salumaa

• java.lang.SequrityManager• java.sequrity.AccessControlle• + Subject.doAs() (JAAS)

• = Kasutaja ja koodi põhine pääsukontroll

• Dünaamiliselt seostatakse accsess control context ja isik. – java.sequrity.DomainCombiner liides

Page 10: The Java Authentication and Authorization Service (JAAS)

Virtuaalmasin ja JAAS

JAAS - Priit Salumaa

• JAAS pakub VM laiendust tuvastusfunktsioonide osas

• Mitme kasutaja keskkond VM sees

• Igale kasutajale shell

• Lisaks kasutaja identiteedile on võimalik koodile anda mingi kindla kasutaja õigused - UserPermissions

Page 11: The Java Authentication and Authorization Service (JAAS)

Mõned puudused ja tulevik

JAAS - Priit Salumaa

• Skaleeritavus – sertifitseeritud kolmas osapool

• Hajususe toetus (RMI turvalisus)

• Jini – teenuse registreerimine ja lokaliseerimine


Top Related

Web API authentication and authorization

Web API authentication and authorization

JavaTM Authentication and Authorization Service

JavaTM Authentication and Authorization Service

12. ASP.net Authentication and Authorization

12. ASP.net Authentication and Authorization

Forms Authentication, Authorization, User Accounts, and ... · PDF fileForms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization ... ASP.NET makes it

Forms Authentication, Authorization, User Accounts, and ... · PDF fileForms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization ... ASP.NET makes it

Authentication and Authorization for Constrained Environments · 2019-01-11 · Authentication and Authorization for Constrained Environments Master Thesis Urs Gerber ... called Authentication

Authentication and Authorization for Constrained Environments · 2019-01-11 · Authentication and Authorization for Constrained Environments Master Thesis Urs Gerber ... called Authentication

Authentication, Authorization, and Audit Design Pattern ... · Authentication, Authorization, and Audit Design Pattern: External User Authentication Office of Technology Strategies

Authentication, Authorization, and Audit Design Pattern ... · Authentication, Authorization, and Audit Design Pattern: External User Authentication Office of Technology Strategies

Forms Authentication, Authorization, User Accounts, and …download.microsoft.com/.../aspnet_tutorial02_FormsAuth_vb.pdf · Forms Authentication, Authorization, User Accounts, and

Forms Authentication, Authorization, User Accounts, and …download.microsoft.com/.../aspnet_tutorial02_FormsAuth_vb.pdf · Forms Authentication, Authorization, User Accounts, and

Authentication Authorization and Accounting Configuration ...AAA Authentication General Configuration Procedure 4 RADIUS Change of Authorization 5 Change-of-Authorization Requests

Authentication Authorization and Accounting Configuration ...AAA Authentication General Configuration Procedure 4 RADIUS Change of Authorization 5 Change-of-Authorization Requests

Languages
Pages
Legal

Copyright © 2022 FDOCUMENTS